Amendments to the Specification 

Please replace the paragraph that begins on Page 3, line 17 and carries over to Page 4, line 7 with 
the following marked-up replacement paragraph: 

— As another example of functional controls, the Lotus Notes® e-mail application can be 
configured not to send an outbound e-mail message having a "confidential" security attribute to 
any recipients whose address is outside the local intranet. Or, in some cases, an e-mail message 
may still be delivered to such recipients, but this message will have the text and any attachments 
suppressed — in effect, providing the recipient with only a notification that the sender attempted 
to send something more. Here, the application system is responsible for maintaining certain 
controls (and in this example, maintains them at a per-document, all-or-nothing level). As in the 
other examples which have been discussed, the user may rather easily avoid these functional 
controls: he simply has to remove the security attribute from the e-mail message, and the 
complete message can be sent. ("Lotus Notes" is a registered trademark of International Business 
Machines Corporation in the United States, other countries, or both.) — 

Please replace the paragraph on Page 15, lines 7-20 with the following marked-up replacement 
paragraph: 

— Each security container includes access and/or functional controls which are preferably 
specified by rules, as stated earlier. According to the present invention, these rules are stored 
within the security container in encrypted form. See element 120. Encrypting the rules increases 
assurance that unauthorized users cannot operate on the document component in the security 
container. (Note that the term "rules" should not be construed as limiting embodiments of the 
present invention to use with rule-based systems or rules engines. The rules may be implemented 
simply as Boolean values, lists of permitted operations, conditional logic, and so forth.) In 
preferred embodiments, the rules are encrypted with a symmetric key, and this symmetric key is 
itself encrypted, once for each authorized user, process, user group, or group of processes, with a 
public key of that authorized entity. The resulting encrypted symmetric key for each such 
authorized entity is contained within encryption header 110, as noted above. The encryption 
header therefore provides a secure, efficient way of distributing key material for the authorized 
entities, as will be described in more detail below. (References herein to authorized users or user 
groups are to be interpreted as applying also to authorized processes or groups of processes.) — 
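
The key distribution described in the paragraph above, sketched in Go as an added example that is not part of the specification or of any implementation by the applicant. The `Container` layout, the choice of AES-256-GCM and RSA-OAEP, and the names `Seal`, `Open` and `NewEntity` are assumptions; the text specifies only a symmetric key for the rules and one public-key encryption of that key per authorized entity.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Container struct { // hypothetical layout, not taken from the specification
	Header       map[string][]byte // entity name -> symmetric key wrapped with its public key
	Nonce, Rules []byte            // AES-256-GCM nonce and the encrypted rules
}
func NewEntity() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // demo key pair
func gcm(key []byte) cipher.AEAD { // callers pass a 32-byte key, so neither call can fail
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead
}
// Seal encrypts the rules once, then wraps the symmetric key once per authorized entity.
func Seal(rules []byte, authorized map[string]*rsa.PublicKey) (c *Container, err error) {
	buf := make([]byte, 32+12) // fresh symmetric key followed by the GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	c = &Container{map[string][]byte{}, nonce, gcm(key).Seal(nil, nonce, rules, nil)}
	for name, pub := range authorized { // the entity name is bound in as the OAEP label
		if c.Header[name], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(name)); err != nil {
			return nil, err
		}
	}
	return c, nil
}
// Open unwraps the key from the caller's own header entry, then decrypts the rules.
func Open(c *Container, name string, priv *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, c.Header[name], []byte(name))
	if err != nil || len(key) != 32 || len(c.Nonce) != 12 {
		return nil, fmt.Errorf("container cannot be opened by %q", name)
	}
	return gcm(key).Open(nil, c.Nonce, c.Rules, nil)
}
func main() { // constructed demo: one authorized entity, one made-up rule string
	alice, _ := NewEntity()
	c, _ := Seal([]byte("paste=deny"), map[string]*rsa.PublicKey{"alice": &alice.PublicKey})
	rules, err := Open(c, "alice", alice)
	fmt.Printf("%s %v\n", rules, err)
}
```

Removing an entity's header entry does not revoke access to copies it already holds; revocation requires re-sealing the rules under a fresh symmetric key.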

Please replace the paragraph that begins on Page 42, line 9 and carries over to Page 43, line 1 
with the following marked-up replacement paragraph: 

— As another example, if the requester's context indicates that she is using a text 
processing application that she has configured as being in her "business" isolation zone, then the 
rules may check to ensure they allow processing the security container's document component 
with that text processing application and rendering the document component within the business 
isolation zone. Or, the rules might check to ensure that she is using, for example, a StarOffice® 
application to edit a Microsoft Word document, and prevent access to the document component 
unless this is the case. Or, if the user attempts to paste a diagram from a Lotus Freelance 
Graphics® presentation into a Word document, where the rules encapsulated in the security 
container for that diagram prevent this cross-application transfer, then the paste operation will not 
succeed. If the user subsequently copies the diagram (or perhaps an icon representing the 
diagram) onto the clipboard, and then attempts to paste the icon into a Freelance document, on 
the other hand, the rules will allow this transfer (assuming the other conditions checked by the 
rules have been met). ("StarOffice" is a registered trademark of Sun Microsystems, Inc. in the 
United States, other countries, or both, and "Freelance Graphics" is a registered trademark of 
International Business Machines Corporation in the United States, other countries, or both.) — 

Please replace the paragraph on Page 50, lines 7-19 with the following marked-up replacement 
paragraph: 

— Still referring to Fig. 10, the networks 942 and 944 may also include mainframe 
computers or servers, such as a gateway computer 946 or application server 947 (which may 
access a data repository 948). A gateway computer 946 serves as a point of entry into each 
network 944. The gateway 946 may be preferably coupled to another network 942 by means of a 
communications link 950a. The gateway 946 may also be directly coupled to one or more 
workstations 910 using a communications link 950b, 950c. The gateway computer 946 may be 
implemented utilizing an Enterprise Systems Architecture/370™ available from the International 
Business Machines Corporation ("IBM®"), an Enterprise Systems Architecture/390® computer, 
etc. Depending on the application, a midrange computer, such as an Application System/400® 
(also known as an AS/400®) may be employed. ("Enterprise Systems Architecture/370" is a 
trademark of IBM; "IBM", "Enterprise Systems Architecture/390", "Application System/400", 
and "AS/400" are registered trademarks of IBM in the United States, other countries, or both.) 
The gateway computer 946 may also be coupled 949 to a storage device (such as data repository 
948). — 